def set_auth_id(self, auth_id, user_id): # add a new auth Id to an existing account user_has_same_auth_id = EnkiModelUser.exist_by_auth_id(auth_id) if not user_has_same_auth_id: user = ndb.Key(EnkiModelUser, user_id).get() if user: # add the auth_id to the account user.auth_ids_provider.append(auth_id) user.put() return user else: return None else: return None
def provider_authenticated_callback(self, loginInfo): # We expect the fields of the dictionary to be: # - 'provider_name' unique 'pretty' provider name (e.g. google, facebook,...) # - 'provider_uid' provider specific (a.k.a "locally unique") user Id, i.e unique to the provider (e.g. the google user id number) # - 'email' # - 'email_verified' # We IGNORE: username, gender (facebook), avatar link, etc. # get the verified email from the auth provider email = None if loginInfo['email'] and loginInfo['email_verified'] == True: email = loginInfo['email'] # get the authId from the auth provider auth_id = loginInfo['provider_name'] + ':' + loginInfo['provider_uid'] if auth_id: # Modify existing or create user # check if it's an add login method request LoginAddToken = EnkiModelTokenVerify.get_by_user_id_state_type( self.user_id, loginInfo['provider_name'], 'loginaddconfirm_1') if LoginAddToken: # Add a login method if not EnkiModelUser.exist_by_auth_id(auth_id): # store the new auth prov + id in the session LoginAddToken.state = auth_id LoginAddToken.type = 'loginaddconfirm_2' LoginAddToken.put() self.redirect( enki.libutil.get_local_url('loginaddconfirm')) else: self.add_infomessage( MSG.INFORMATION(), MSG.AUTH_PROVIDER_CANNOT_BE_ADDED(str(auth_id))) self.redirect(enki.libutil.get_local_url('accountconnect')) return else: user = self.get_user_from_authid(auth_id, email) if user: # Existing authentication method / user if self.is_logged_in() and self.user_id == user.key.id(): # Refresh the reauthenticated status self.session['reauth_time'] = datetime.datetime.now() self.add_infomessage(MSG.SUCCESS(), MSG.REAUTHENTICATED()) self.redirect_to_relevant_page() return # Login self.log_in_session_token_create(user) self.add_infomessage(MSG.SUCCESS(), MSG.LOGGED_IN()) self.redirect_to_relevant_page() else: # New authentication method register_token = EnkiModelTokenVerify.get_by_state_type( auth_id, 'register') if register_token: # If a token already exists, get the token value and update the email token = register_token.token register_token.email = email # update in case the user changed their email or modified their email access permission else: # Create a new token token = security.generate_random_string(entropy=256) register_token = EnkiModelTokenVerify(token=token, email=email, state=auth_id, type='register') register_token.put() self.session['tokenregisterauth'] = token if EnkiModelUser.exist_by_email(email): self.redirect( enki.libutil.get_local_url( 'registeroauthwithexistingemail')) else: self.redirect( enki.libutil.get_local_url('registeroauthconfirm')) else: self.redirect_to_relevant_page()